
To 'bridge' or not to 'bridge'


ardirtbiker:
In lmce 1204 and 1404, bridging appears to have changed within the Linux kernel. In 1004 I had bridged eth1 (internal NIC) with wlan0 (AP) following the instructions here: http://wiki.linuxmce.org/index.php/Access_Point
After changing 'eth1' in the firewall to 'br0' (the bridge interface), everything worked without a hitch.

In 1204 and 1404, when the bridge is set up the same, the MDs cannot access the nfs storage drives, but my wifi devices work fine. 

Is there a better route to take other than bridging? Is there something else I need to do to the firewall?

Some internet sources suggest installing ebtables, setting up some rules there and adding other rules to iptables. I don't quite grasp firewalls and am stuck.

Any suggestions will be greatly appreciated.

Dennis

Alblasco1702:
Hello Dennis,

Bridging isn't supported yet, but to help you test this further I need some information from you:
- /etc/network/interfaces
- /etc/default/isc-dhcp-server
- iptables -vnL

ardirtbiker:
Thanks Alblasco,

Here is my /etc/network/interfaces file:

--- Code: ---
# Activating interfaces
auto eth0 br0 lo

#####
# Loopback interface
#####
iface lo inet loopback

#####
# IPv4 network interfaces
#####

# --- External NIC ---
iface eth0 inet dhcp
pre-up sysctl -q -e -w  net.ipv6.conf.eth0.disable_ipv6=1
up /sbin/ifconfig eth0 up
down /sbin/ifconfig eth0 down

# --- Internal NIC ---
iface eth1 inet manual
pre-up sysctl -q -e -w net.ipv6.conf.eth1.disable_ipv6=1
up /sbin/ifconfig eth1 up
down /sbin/ifconfig eth1 down
#####

# --- Wireless NIC ---
iface wlan0 inet manual

# --- Bridge ---
iface br0 inet static
address 192.168.80.1
network 192.168.80.0
netmask 255.255.255.0
broadcast 192.168.80.255
gateway 192.168.1.254
pre-up /usr/sbin/hostapd -B /etc/hostapd/hostapd.conf
bridge_ports eth1 wlan0
dns-nameservers 192.168.1.254 8.8.8.8
dns-search LinuxMCE.local
down /sbin/ifconfig br0 down

--- End code ---
Here is /etc/default/isc-dhcp-server:

--- Code: ---
INTERFACES="br0"
--- End code ---
and here is the output of iptables -vnL

--- Code: ---
Chain INPUT (policy DROP 3 packets, 116 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x29
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x37
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x1
    2    92 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            /* Allow_Loopback */
  492 57564 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Allow_Established */
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            /* Allow_DHCP */
    6  1616 ACCEPT     udp  --  br0    *       0.0.0.0/0            0.0.0.0/0            /* Allow_DHCP */
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            /* Allow_DHCP */
    2   120 ACCEPT     tcp  --  br0    *       192.168.80.0/24      0.0.0.0/0            /* Allow_Local_Network */

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  lo     lo      0.0.0.0/0            0.0.0.0/0            /* Allow_Loopback */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Allow_Established */
    4  2563 ACCEPT     tcp  --  br0    *       192.168.80.0/24      0.0.0.0/0            /* Allow_Local_Network */

Chain OUTPUT (policy ACCEPT 317 packets, 45260 bytes)
 pkts bytes target     prot opt in     out     source               destination         
       

--- End code ---



Let me know if you need anything else.

Dennis

Alblasco1702:
Hello Dennis,

Iptables is set up as the lmce-firewall writes the iptables rules in the background.
Bridging is so far the easiest way to do this; otherwise you need to create forward rules and change a lot of configuration files,
and I'm not sure if everything will work that way.

There seems to be a problem with the NFS config; I'm not sure where this problem is.
I'll check here to be sure I'm not having this issue.
Your configuration so far seems right.
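
One way to check a listing like the one posted above for which rules are actually bound to the bridge interface after swapping 'eth1' for 'br0'. This is an added example, not part of the thread or of LinuxMCE's own code; the function names are hypothetical and the sample is a trimmed copy of the posted `iptables -vnL` output.

```python
import re

# Constructed sample: a trimmed copy of the listing posted in this thread.
SAMPLE = """\
Chain INPUT (policy DROP 3 packets, 116 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2    92 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            /* Allow_Loopback */
  492 57564 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Allow_Established */
    6  1616 ACCEPT     udp  --  br0    *       0.0.0.0/0            0.0.0.0/0            /* Allow_DHCP */
    2   120 ACCEPT     tcp  --  br0    *       192.168.80.0/24      0.0.0.0/0            /* Allow_Local_Network */

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Allow_Established */
    4  2563 ACCEPT     tcp  --  br0    *       192.168.80.0/24      0.0.0.0/0            /* Allow_Local_Network */
"""

CHAIN = re.compile(r"^Chain (\S+) \(policy (\S+)")
FIELDS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "src", "dst")

def parse_listing(text):
    """Return {chain: {"policy": str, "rules": [dict, ...]}} from `iptables -vnL` text."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        f = line.split(None, 9)
        if current is None or len(f) < 9 or not f[0][:1].isdigit():
            continue  # column header, blank line, or text outside a chain
        extra = f[9].strip() if len(f) > 9 else ""  # match options and comment
        current["rules"].append(dict(zip(FIELDS, f[:9]), extra=extra))
    return chains

def new_connection_accepts(chains, chain, iface):
    """Protocols for which a NEW packet arriving on `iface` has an ACCEPT rule in `chain`."""
    prots = set()
    for r in chains[chain]["rules"]:
        # A RELATED,ESTABLISHED rule never admits the first packet of a flow.
        stateful_only = "state " in r["extra"] and "NEW" not in r["extra"]
        if r["target"] == "ACCEPT" and r["in"] in (iface, "*") and not stateful_only:
            prots.add(r["prot"])
    return sorted(prots)
```

It only summarises what the listing says: for `br0` the sample yields tcp and udp in INPUT and tcp in FORWARD, and an interface name no rule references (for example `eth1` here) yields an empty list.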

ardirtbiker:
Thank you, sir!

I'll keep a lookout for a resolution to the nfs issue.



Dennis
